Path: utzoo!attcan!uunet!tut.cis.ohio-state.edu!pacific.mps.ohio-state.edu!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!xanth!mcnc!uvaarpa!mmdf
From: telxon!teleng!gorpong@uunet.uu.net (Gordon C. Galligher)
Newsgroups: comp.lang.perl
Subject: Disabling "Taintedness" of variables
Message-ID: <1990Jul3.203638.3747@uvaarpa.Virginia.EDU>
Date: 3 Jul 90 20:36:38 GMT
Sender: mmdf@uvaarpa.Virginia.EDU (Uvaarpa Mail System)
Reply-To: telxon!teleng!gorpong@uunet.uu.net
Organization: The Internet
Lines: 34

I am currently trying to do the following:  Set up a separate root directory
for guest users on the machine.  I want to have a perl script to do a chroot()
to the special place for the user and then let them in.  That way they can
use the machine as a mail hub, or whatever, but not be able to see any data
on the system and such (ie: the bbs user will belong to this).  To do that
I initially hardcoded everything in the perl script, and it was fine.  Instead
of that, I decided to have a separate password/group file just for that and
have the perl script query those files to get the information.

That doesn't work because the very end when I want to chdir to their home
directory (found in the other password file) perl reports:

Insecure dependency in chdir at line ....

I KNOW what I'm doing, and chdir'ing to their home directory is not a 
problem.  I do open up the password/group files as root, because the files
are readable ONLY by root (hence, they are secure).  Perl won't let me do 
something this simple!  I agree that it is nice to know when you are doing
something rather insecure, but there should also be a way to turn it off for
those of us that really do know what we are doing.  I don't know of any other
way to do this.  Once I read the file the values are tainted.  I therefore
cannot use those values in anything else, or they become tainted.  So, I can
look at the values in the file and then throw them away; that's stupid.

Larry, ANYBODY please help me!  I'm not going to post the entire script because
it is over 400 lines long.  I'll take any ideas, no matter HOW off the wall.

		-- Gordon.

-- 
Gordon C. Galligher  <|> ..!uunet!telxon!gorpong <|> telxon!gorpong@uunet.uu.net
Telxon Corporation   <|> "It seems to me, Golan, that the advance of civiliza-
Akron, Ohio, 44313   <|> tion is nothing but an exercise in the limiting of
(216) 867-3700 (3512)<|> privacy." - Janov Pelorat  -- _Foundation's Edge_